php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-04-13 02:52:48 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add check for string overflow to all string add operations

Browse Source
This commit is contained in:
Stanislav Malyshev
2016-05-09 22:17:20 -07:00
parent abd159cce4
commit 41fc3c76e9
1 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
Zend/zend_operators.c
View File

@@ -1254,6 +1254,10 @@ ZEND_API int add_char_to_string(zval *result, const zval *op1, const zval *op2)
int length = Z_STRLEN_P(op1) + 1;
char *buf;
if (UNEXPECTED(length < 0)) {
zend_error(E_ERROR, "String size overflow");
}
if (IS_INTERNED(Z_STRVAL_P(op1))) {
buf = (char *) emalloc(length + 1);
memcpy(buf, Z_STRVAL_P(op1), Z_STRLEN_P(op1));
@@ -1273,6 +1277,9 @@ ZEND_API int add_string_to_string(zval *result, const zval *op1, const zval *op2
int length = Z_STRLEN_P(op1) + Z_STRLEN_P(op2);
char *buf;
if (UNEXPECTED(length < 0)) {
zend_error(E_ERROR, "String size overflow");
}
if (IS_INTERNED(Z_STRVAL_P(op1))) {
buf = (char *) emalloc(length+1);
memcpy(buf, Z_STRVAL_P(op1), Z_STRLEN_P(op1));